Windows Defender Win32/Persistence.DQ!ml, what is it? - windows-10

I'm trying to figure out what this generic description of malware means; googling it didn't turn up much:
https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=Behavior%3aWin32%2fPersistence.DQ!ml&threatid=2147737492
I'm creating a desktop application/browser plugin. Today when I tried installing and testing the latest version on Windows 10 (earlier versions of the program didn't cause this problem), Windows Defender reacted to the executable. It gave me the link above, but that just gives some generic user information. It also allowed the program to continue to execute, which I thought was odd, but maybe more information on what this means might explain why. The program itself is not doing anything shady, so I'm sure this is a false positive, but I would like to know what Win32/Persistence.DQ!ml means so I can try to avoid triggering false positives in the future.

Related

Python was not found but can be installed

I have just installed Python 3.8 and the Sublime Text editor. I am attempting to run the Python build in Sublime Text but I am met with a "Python was not found but can be installed" error.
Both Python and Sublime are installed on E:\
When opening a cmd prompt I can change dir and am able to run py from there without an issue.
I'm assuming that my Sublime is not pointing to the correct dir but don't know how to resolve this issue.
This isn't a Sublime issue, it's a Windows 10 issue. My Windows 10 boxes don't have this feature so I'm not sure how widely spread it is, but you may want to check out this (seemingly unrelated) question: "Permission Denied" trying to run Python on Windows 10.
The general gist from this post is that these new stub redirectors are supposed to direct you into installing some missing applications from the Windows App store and that user-installed versions are supposed to take priority, but depending on how the PATH is modified the system might find the stub versions before your user installed versions.
The currently accepted answer mentions:
The second part of correcting it is to type "manage app execution aliases" into the Windows search prompt and disable the store versions of Python altogether.
It's possible that you'll only need to do the second part, but on my system I made both changes and everything is back to normal now.
In the comments, there are remarks from Zooba which further indicate that this is the way to go:
(Microsoft employee and CPython core developer here) You definitely only need to do the second part. There have been a couple of bugs related to upgrading apps resetting aliases which will be fixed in the next stable update, so it should be a one-time fix by then. While you're getting Insiders updates you may need to do it a couple more times.
... And launching the Store is a new feature to help people install Python - if you've added it to PATH using the regular installer it should take precedence over the new redirector, but if not you've discovered above how to disable it.
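The answer above says the store stub wins only when its directory comes before the real install on PATH. The following is an added example, not code from the thread, that checks a PATH string the way the loader searches it (first directory containing python.exe wins) and reports whether the WindowsApps alias directory shadows a user-installed Python; the sample PATH and fake file set are constructed to mirror the question's layout, and `diagnose` defaults to the real file system when called without an `exists` callback.

```python
import ntpath
import os
from typing import Callable, List, Optional, Tuple

# Directory where Windows keeps the "app execution alias" stub executables.
STUB_MARKER = r"\microsoft\windowsapps"


def python_candidates(path_value: str, exists: Callable[[str], bool]) -> List[str]:
    """PATH directories, in search order, that contain a python.exe."""
    hits = []
    for d in path_value.split(ntpath.pathsep):
        d = d.strip().strip('"')          # tolerate quoted entries
        if d and exists(ntpath.join(d, "python.exe")):
            hits.append(d)
    return hits


def is_stub_dir(d: str) -> bool:
    return STUB_MARKER in d.lower()


def diagnose(path_value: str,
             exists: Callable[[str], bool] = os.path.isfile) -> Tuple[str, Optional[str]]:
    """Classify how 'python' resolves from this PATH.
    Returns (status, directory) with status in
    'missing', 'stub_only', 'shadowed' (stub before a real install), 'ok'."""
    hits = python_candidates(path_value, exists)
    if not hits:
        return "missing", None
    real = [d for d in hits if not is_stub_dir(d)]
    if is_stub_dir(hits[0]):
        return ("shadowed", real[0]) if real else ("stub_only", hits[0])
    return "ok", hits[0]


# Constructed sample (not real disk state): Python on E:\ as in the question,
# with the Store alias directory earlier on PATH.
SAMPLE_FS = {
    r"c:\users\me\appdata\local\microsoft\windowsapps\python.exe",
    r"e:\python38\python.exe",
}
SAMPLE_PATH = r"C:\Windows\System32;C:\Users\me\AppData\Local\Microsoft\WindowsApps;E:\Python38"


def sample_exists(p: str) -> bool:
    return p.lower() in SAMPLE_FS


if __name__ == "__main__":
    print(diagnose(SAMPLE_PATH, sample_exists))   # ('shadowed', 'E:\\Python38')
```

Running it against the live PATH (`diagnose(os.environ["PATH"])` on a Windows host) tells you whether moving the install directory earlier on PATH or disabling the alias is the fix you need.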
I had the same problem, so I went to the Microsoft Store (Windows 10) and simply installed "Python 3.9" and the problem was gone!
Sorry for bad English btw.

System crashes while using ClearCase 8.0.1.x/9.0.1.x (checking out files) on Windows 10 (1803) platform

After upgrading the system to Windows 10 OS 1803 we are getting the below issues while working with ClearCase 8.0.1.x/9.0.1.x:
Unable to checkin/checkout.
Not able to create views.
Not able to add any file to source control.
The system hangs & crashes while performing any ClearCase operation.
There is no error message, but I have attached a screenshot for reference.
Please let us know if there is any issue with the Windows 10 version (1803), any security system enabled?
Or has ClearCase provided any fix?
We have tried 9.0.1.5 and the issue still persists.
This is what we got from the Windows event log:
The computer has rebooted from a bugcheck.
The bugcheck was:
0x000000c2 (0x0000000000000004, 0x00000000535be990, 0x000000000004efd3, 0xfffff803e01848b1)
For most of them, whoever has upgraded to Windows version 1803 :( For people who are still using version 1709 it is working perfectly fine.
Then I would recommend contacting IBM support: only they can update their ClearCase 9/Windows 10 compatibility matrix and confirm if MVFS is supported on a more recent (1803) Windows 10 edition.
We are also facing the same problem and I have raised a case with IBM. It is still not resolved. As IBM said, there are some limitations to working with ClearCase on Windows 10 and Windows 2016.
We tried all the options except disabling Secure Boot. If possible, please disable the Secure Boot option in Windows 10 and try to checkin/checkout code from ClearCase.
Note: It works for snapshot views. That means the issue is related to MVFS.
I'm seconding @VonC's recommendation to open a ticket with IBM. When you do that, save a step and collect a clearbug2 and a kernel memory dump to send in as soon as the case is opened. It will save the turn-around time of us asking you for it. If the installed programs list doesn't list installed security software (DLP, privilege management software like Avecto, other endpoint security tools), please list those separately as well.
I would also love to know who at IBM told you there are "limitations" with Win10-1803.
There are a few issues with Windows 10 "version upgrades" breaking things, but they generally don't cause system crashes. Windows 10 upgrades are actually full OS installs that then (imperfectly) migrate application settings. Anything that uses custom network providers (ClearCase is one example) will find that the network providers will be broken or partially broken. Reinstalling is usually required. Again, that has not yet been reported as a cause of a BSOD.
If the upgrade/reinstall didn't fix view creation, please post a separate question on the view creation issue. There may be things we can do to the SMB 2 caches to allow view creation to work in cases where the view storage is not on the client host.
I noticed that the screen shot you posted is a Terminal Services disconnect screenshot. Does the issue only occur over a Terminal Services client connection or does it also happen on a local connection?

node.js Setup Wizard ended prematurely in windows 10 64bit

For the last 3 days I have been trying to figure out how to install node.js. I tried every solution that I found on the internet, like disabling certain components during installation, installing both x86 and x64, etc.; none of them worked.
My OS is Windows 10 x64. I tried different versions of node.js and they all return the same error shown in the screenshot below.
I tried installing through the command line and got the log. But I could not find anything useful from the log either. Please help.
The log can be found at this path: https://drive.google.com/open?id=1OkkK36hlQeBX0xTNuOuilGaNr1u3S55e
MSI (s) (74:88) [20:49:45:955]: Executing op: ActionStart(Name=RegisterEventManifest,,)
MSI (s) (74:88) [20:49:45:961]: Executing op: CustomActionSchedule(Action=RegisterEventManifest,ActionType=3073,Source=BinaryData,Target=CAQuietExec,CustomActionData="wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man")
MSI (s) (74:A0) [20:49:45:969]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI33C1.tmp, Entrypoint: CAQuietExec
CAQuietExec: Error 0xc0000409: Command line returned an error.
This is the relevant part of the log and where the install keels over, noise removed. 0xc0000409 is very, very nasty. STATUS_STACK_BUFFER_OVERRUN is a stack corruption error, triggered by code that protects against viral attacks.
Searching for "nodejs install 0xc0000409" takes you to this bug report, notably from December 2015. This issue has been dogging users for a long time, but they are having trouble finding the root cause. The generic workaround is to disable this install step by disabling the installation of the ETW performance counters.
Which works, but is but a band-aid. I think macario1983's comment points at the real troublemaker. It got a lot of helpful votes in just two days. And it points at the kind of viral rootkit that programmers voluntarily install, the kind that can so easily cause a STATUS_STACK_BUFFER_OVERRUN error with no decent way to identify the code that causes it. Anti-malware has become a cure that is worse than the disease; Avast in particular is a truly awful product and does not belong on a programmer's machine.
So decent advice is: 1. disable the anti-malware product before installing Node; 2. get rid of it completely if it is Avast; 3. disable the performance counter registration; 4. try the updated installer, patched 4 days ago.
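The answer above locates the failure by pairing the CAQuietExec error with the CustomActionSchedule op just before it. The following is an added example, not from the thread, that automates that read of a verbose MSI log: it walks the lines, remembers the most recent scheduled custom action (name, runner and command line), and reports it together with the decoded NTSTATUS when an error line follows. The sample log is the excerpt from the question; the status table only covers the code the thread discusses.

```python
import re
from typing import Dict, Iterable, Optional

# Verbose MSI log op that schedules a deferred custom action and carries its
# command line in CustomActionData.
SCHEDULE_RE = re.compile(
    r"Executing op: CustomActionSchedule\(Action=(?P<action>[^,]+),"
    r".*?Target=(?P<target>[^,]+),.*?CustomActionData=(?P<data>.*)\)\s*$"
)
# Error line written by the custom-action runner (e.g. CAQuietExec).
ERROR_RE = re.compile(r"^(?P<runner>\w+):\s+Error (?P<code>0x[0-9A-Fa-f]+):\s*(?P<msg>.*)$")

# NTSTATUS values worth naming for this failure mode.
KNOWN_STATUS = {0xC0000409: "STATUS_STACK_BUFFER_OVERRUN"}


def program_of(command_line: str) -> str:
    """First token of a Windows command line, honouring a quoted program path."""
    if command_line.startswith('"'):
        return command_line.split('"')[1]
    return command_line.split()[0]


def find_failed_custom_action(lines: Iterable[str]) -> Optional[Dict[str, object]]:
    """Return details of the first custom action whose runner reported an error."""
    last_schedule = None
    for raw in lines:
        line = raw.strip()
        m = SCHEDULE_RE.search(line)
        if m:
            last_schedule = m.groupdict()
            continue
        e = ERROR_RE.match(line)
        if e:
            code = int(e.group("code"), 16)
            sched = last_schedule or {}
            return {
                "action": sched.get("action"),
                "runner": e.group("runner"),
                "command": sched.get("data"),
                "program": program_of(sched["data"]) if sched else None,
                "code": code,
                "status": KNOWN_STATUS.get(code, "unknown NTSTATUS"),
                "message": e.group("msg"),
            }
    return None


# Constructed sample: the excerpt posted in the question.
SAMPLE_LOG = r"""MSI (s) (74:88) [20:49:45:955]: Executing op: ActionStart(Name=RegisterEventManifest,,)
MSI (s) (74:88) [20:49:45:961]: Executing op: CustomActionSchedule(Action=RegisterEventManifest,ActionType=3073,Source=BinaryData,Target=CAQuietExec,CustomActionData="wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man")
MSI (s) (74:A0) [20:49:45:969]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI33C1.tmp, Entrypoint: CAQuietExec
CAQuietExec: Error 0xc0000409: Command line returned an error.""".splitlines()

if __name__ == "__main__":
    print(find_failed_custom_action(SAMPLE_LOG))
```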
I disabled the AVG antivirus (version 18.4.3056) but not Windows Firewall, and then I was able to install Node.js.
Possible options to solve this:
1. Removing previous installation traces
If you have previous installations, make sure that they were uninstalled completely. If the HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{1e2e15d7-3760-470e-8699-b9db5248edd5} key exists in your registry, remove it.
2. Disabling Performance Counters
If you don't need the Performance Counters feature, try to install without it (or maybe even without Event Tracing).
3. Disabling security and giving full permissions
Clean the Temp folder.
Disable your antivirus/firewall for the period of the installation.
C:/users/$user/AppData/Local/Temp - Right-click on Temp and go to Properties > select the Security tab > give the user permissions by checking Full Control on permissions.
Install Node.js.
I had the same problem today with Windows 10 64-bit and Node.js 8.11.2: completely disabling Avast just for the time of the installation solved the issue.
I was trying to install Node.js through node-v8.11.2-x64.exe, but it was rolling back every time at the end. The error in the event log was about wevtutil.exe, version 10.0.17134.1.
I had the same issue on a Windows 2012R2 server installing node-v8.11.2-x64, and disabled the McAfee anti-virus to no avail. When I went to clean out the TEMP folder as suggested in this thread, I noticed that several files and folders were locked and could not be deleted, so I rebooted the machine (with the anti-virus disabled). After the reboot, I noticed that the locked temp files had been deleted, and I was able to install node.js, including the Performance Counters and Event Tracking options.
I spent one day on that... The best solution is to download the zip, for example node-v12.16.2-win-x86.zip.

Windows 7 Application Experience Service keeps stopping, preventing MSVC from linking

Annoyingly, when developing in MSVC2010, my EXE will not link (i.e. it cannot emit the output file) because the Application Experience service in Windows 7 has stopped.
I've no idea how these two things can be related, but I've been "fixing" it by manually restarting the service in the Windows service manager. Then I can link. At a random time later it will happen again. The service is set to automatic by default.
I've had enough of this madness. Does anyone have any ideas? Thanks.
Please try this: http://gauravpandey.com/wordpress/?p=291 It should work. It has at least worked for me, though I have not really understood the relationship between the two issues.

NSIS Installer slow on machine with Microsoft Security Essentials

So I've got an issue where our NSIS installers slow down heaps when installing over the top of an existing installation.
It seems to be directly related to Microsoft's Security Essentials, and turning off runtime checking causes it to go away, but I've never encountered anything similar with any other installers, so is there a known issue here or should we be doing things differently to avoid this kind of thing?
To give you an idea how slow: each .EXE takes 10-15 seconds to unpack, but on a clean machine or with Security Essentials turned off it takes only a second or two, and this is on a top-of-the-line Core i7 with 12GB of RAM.
The only thing I can think of is to copy the exe to a temporary file and then move it over afterwards, but this seems a bit clunky.
You might consider switching to Microsoft WiX instead, http://wix.sourceforge.net/ It works quite nicely, it's free, and it's supported by Microsoft. I'm fairly sure that Microsoft is not going to let it interact negatively with their own anti-virus.
The "killer moment" when I switched from NSIS was when one of the NSIS uninstallers generated a false positive with Microsoft Defender. I then uploaded it to http://virustotal.com , and 5 out of 20 anti-virus scanners flagged it as a trojan. I'm not sure exactly what the NSIS uninstaller does to make it prone to false positives, but the idea of one of my not so many potential clients tentatively trying my software and then being told it is a virus fills me with horror!
-- Outdated answer. Microsoft Defender is kinda good now --
You're gonna hate me.
If you're competent, lose the antivirus.
Antivirus is only needed by those who are unable to keep their machines from getting infected without it.
I ran antivirus for years, and had it legitimately trip only once, on a six month old backup of my mail folder. What's weird is it sat for 6 months before the antivirus caught it. In the meantime, it tripped many times on false positives.
I don't run antivirus anymore and would be glad if I never ran it again.